11

The SCIM standard was created to simplify user management in the cloud by defining a schema for representing users and groups and a REST API for all the necessary CRUD operations.

It is intended to replace the older SPML protocol.

Are there any "mature" C# libraries out there?

Most of the stuff I've googled is for Java or else doesn't seem very active.

Update:

In response to the comment:

These libraries are usually of the form:

User = new User;
User.name = "name";
... etc ...
User.Create;

In other words, it hides the underlying implementation by using a model user. That way you don't have to worry about the details of the actual protocol.

rbrayb
  • Just to point out that there are already some SCIM / Java questions on SO. – rbrayb May 06 '13 at 00:28
  • Surely it depends on what you use at the backend for the user management? SCIM just defines the schema & REST API. WebApi could do most of this without needing any framework as such. – Simon Halsey May 06 '13 at 00:35
  • 1
    Are you trying to find a library that handles creating/serializing/de-serializing of SCIM objects such as a User, rather than some implementation of making the REST calls? I've been looking too, so far not much luck - a little surprised :( – peteski Dec 01 '15 at 19:47
  • 1
    Yes - something that does user CRUD. – rbrayb Dec 01 '15 at 21:33

3 Answers

11

I've updated my original answer to hopefully provide some better information.

A) This library should (hopefully) be what you're looking for:

Microsoft.SystemForCrossDomainIdentityManagement

https://www.nuget.org/packages/Microsoft.SystemForCrossDomainIdentityManagement/

One of the authors of the project recently updated it to include v1 and v2 SCIM object support, and you were absolutely correct with your links to the blog posts, which explain the library's purpose.

http://blogs.technet.com/b/ad/archive/2015/11/23/azure-ad-helping-you-adding-scim-support-to-your-applications.aspx

(The author has now added this to the summary on nuget so people who find the nuget library before reading the blog post won't be as confused as I was).

Here's an example of deserializing a user based on a GET request (to Facebook). You can easily create a new user object and set its properties etc. before POST or PUT'ing it into the system.

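using System;
using System.Collections.Generic;
using System.Linq;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using System.Web.Script.Serialization; // JavaScriptSerializer (System.Web.Extensions)
using Microsoft.SystemForCrossDomainIdentityManagement; // namespace assumed to match the NuGet package name

public static async Task GetUser()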
{
    var oauthToken = "123456789foo";
    var baseUrl = "https://www.facebook.com/company/1234567890/scim/";
    var userName = "foo@bar.com";

    using (var client = new HttpClient())
    {
        // Set up client and configure for things like oauthToken which need to go on each request
        client.BaseAddress = new Uri(baseUrl);

        // Spoof User-Agent to keep Facebook happy
        client.DefaultRequestHeaders.Add("User-Agent", "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36");
        client.DefaultRequestHeaders.Accept.Clear();
        client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
        client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", oauthToken);

        try
        {
            var response = await client.GetAsync($"Users?filter=userName%20eq%20%22{userName}%22");
            response.EnsureSuccessStatusCode();
            var json = await response.Content.ReadAsStringAsync();

            // This is the part which is using the nuget library I referenced
            var jsonDictionary = new JavaScriptSerializer().Deserialize<Dictionary<string, object>>(json);
            var queryResponse = new QueryResponseJsonDeserializingFactory<Core1EnterpriseUser>().Create(jsonDictionary);
            var user = queryResponse.Resources.First();                    
        }
        catch (Exception ex)
        {
            // TODO: handle exception
        }
    }
}

I initially ran into an issue using the Newtonsoft deserializer rather than the MS one:

var jsonDictionary = await Task.Factory.StartNew(() => { return JsonConvert.DeserializeObject<Dictionary<string, object>>(json); });

Returned a Dictionary<string, object> but the factory couldn't make proper use of it.

You can use the Core2User or Core2EnterpriseUser classes if you're using v2 of the SCIM spec.

Furthermore, I believe the library can handle the creation of requests if you want (rather than crafting them yourself, which does seem to be pretty straightforward anyway). Here's another snippet from the author of the project (Craig McMurtry):

/* 
 * SampleProvider() is included in the Service library.  
 * Its SampleResource property provides a 2.0 enterprise user with values
 * set according to the samples in the 2.0 schema specification.
 */
var resource = new SampleProvider().SampleResource; 

// ComposePostRequest() is an extension method on the Resource class provided by the Protocols library. 
var request = resource.ComposePostRequest("http://localhost:9000");

I hope this all helps, a massive amount of thanks are due to Craig McMurtry at Microsoft who has been very helpful in trying to get me up and running with the library - so I don't have to hand craft all my own model classes.

Luke Girvin
peteski
  • 1
    This may well be connected with http://blogs.technet.com/b/ad/archive/2015/11/17/azure-ad-premium-now-supports-scim-2-0.aspx / https://azure.microsoft.com/en-us/documentation/articles/active-directory-scim-provisioning/ – rbrayb Dec 03 '15 at 17:43
  • nzpcmad: You're absolutely correct in this, I contacted the authors of the project from nuget and I'm currently in dialog with them about it all. I'll update my answer to hopefully offer some assistance. – peteski Dec 04 '15 at 09:02
  • The blog post is gone! :( – Ashkan S Nov 21 '18 at 09:29
  • You can find the blog post archived at https://web.archive.org/web/20160103161006/http://blogs.technet.com/b/ad/archive/2015/11/23/azure-ad-helping-you-adding-scim-support-to-your-applications.aspx which will more or less direct you to the azure docs (which was updated very recently as well) here https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/use-scim-to-provision-users-and-groups – Kariudo May 01 '19 at 18:42
  • Hi @peteski , your answer works in GET request, how to achieve same in PATCH request, any ideas? – Amay Kulkarni Apr 16 '20 at 09:47
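
An added example, not part of the answer above or of the Microsoft library: the same `userName` lookup with the filter value quoted and URL-encoded, and an empty or ambiguous list response handled instead of calling `First()`. It assumes .NET 6 or later and uses System.Text.Json in place of the NuGet deserializer; `ScimLookup`, `StubEndpoint`, the `scim.example.test` URL and the JSON body are constructed for illustration.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Text.Json;
using System.Threading;
using System.Threading.Tasks;

public static class ScimLookup
{
    // Quote the value as a SCIM filter string literal, then URL-encode the whole filter.
    public static string BuildUserNameFilter(string userName)
    {
        foreach (char c in userName)
            if (char.IsControl(c)) throw new ArgumentException("control character in userName");
        string literal = userName.Replace("\\", "\\\\").Replace("\"", "\\\"");
        return "filter=" + Uri.EscapeDataString($"userName eq \"{literal}\"");
    }

    // Returns the single matching resource, or null when the list response is empty.
    public static async Task<JsonElement?> FindUserAsync(HttpClient client, string userName)
    {
        using var response = await client.GetAsync("Users?" + BuildUserNameFilter(userName));
        response.EnsureSuccessStatusCode();
        using var doc = JsonDocument.Parse(await response.Content.ReadAsStringAsync());
        if (!doc.RootElement.TryGetProperty("Resources", out var resources)
            || resources.ValueKind != JsonValueKind.Array || resources.GetArrayLength() == 0)
            return null;
        if (resources.GetArrayLength() > 1)
            throw new InvalidOperationException("filter matched more than one user");
        return resources[0].Clone(); // Clone so the element outlives the JsonDocument
    }

    // Constructed stand-in for the SCIM endpoint so the example runs offline.
    private sealed class StubEndpoint : HttpMessageHandler
    {
        protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken ct)
        {
            Console.WriteLine("GET " + request.RequestUri?.AbsoluteUri);
            const string body = "{\"totalResults\":1,\"Resources\":[{\"id\":\"constructed-id\",\"userName\":\"foo@bar.com\"}]}";
            return Task.FromResult(new HttpResponseMessage(HttpStatusCode.OK) { Content = new StringContent(body) });
        }
    }

    public static async Task Main()
    {
        using var client = new HttpClient(new StubEndpoint()) { BaseAddress = new Uri("https://scim.example.test/scim/") };
        JsonElement? user = await FindUserAsync(client, "foo@bar.com");
        Console.WriteLine(user?.GetProperty("id").GetString());
        // A value carrying filter syntax stays inside the quoted literal.
        Console.WriteLine(BuildUserNameFilter("x\" or userName sw \"a"));
    }
}
```

Against a real endpoint, set the bearer token on the `HttpClient` from configuration or a secret store rather than a string literal in source.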
2

Please evaluate the open source project, https://github.com/PowerDMS/Owin.Scim. I've been leading this development effort. While it's missing a few features that Microsoft has implemented quite well, it is far more complete in most other areas of scim. See if it fits your needs and we welcome all feedback to help shape the future of owin.scim.

Daniel
  • Hi Daniel, I am comparing different SCIM implementations. There is no new release on Owin.Scim for the past 3 years and there are some missing features in the documentation and some waiting pull requests and some issues as well. Is this still an active project? – Ashkan S Jul 29 '21 at 09:23
2

I recommend SimpleIdServer.Scim https://github.com/simpleidserver/SimpleIdServer as an alternative. I did not end up using web api but it still worked for my needs. Specifically using SCIMFilterParser.Parse to parse the filters from the JSON responses.

Spencer
  • Unfortunately, their documentation is not that good. Did you implement your own store or did you just let them store it in say SQL server and then read it for your own use? – Ashkan S Jul 29 '21 at 09:16
  • I ended up writing my own data store but it's not publicly available – Spencer Jul 30 '21 at 16:58
  • Spencer, by any chance did you manage to get rid of all the non-data tables like the schemas and everything pain free or did you stick to their keep everything in the DB model? – Ashkan S Aug 03 '21 at 23:09
  • I didn't use any of data tables or schemas. I used only the query / filtering methods. – Spencer Aug 05 '21 at 22:46